[PATCH 15/19] nvme-tcp: do not start queues when TLS is not enabled for secure concatenation

[Hannes Reinecke]

For secure concatenation the TLS PSK is negotiated with DH-HMAC-CHAP,
and then the queue is reset to enable TLS. During that state we should
not start the I/O queues as the connection will be reset after
DH-HMAC-CHAP is run.

Signed-off-by: Hannes Reinecke <hare at kernel.org>
---
 drivers/nvme/host/tcp.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/drivers/nvme/host/tcp.c b/drivers/nvme/host/tcp.c
index a9fd3169ae45..232ea8572cdd 100644
--- a/drivers/nvme/host/tcp.c
+++ b/drivers/nvme/host/tcp.c
@@ -2065,6 +2065,17 @@ static int nvme_tcp_configure_io_queues(struct nvme_ctrl *ctrl, bool new)
 	 * queue number might have changed.
 	 */
 	nr_queues = min(ctrl->tagset->nr_hw_queues + 1, ctrl->queue_count);
+
+	/*
+	 * If secure concatenation is enabled don't start queues
+	 * when TLS is not enabled; the connection will be reset
+	 * after DH-HMAC-CHAP is run to enable TLS.
+	 */
+	if (new && ctrl->opts && ctrl->opts->concat && !ctrl->tls_pskid) {
+		nr_queues = 1;
+		dev_dbg(ctrl->device, "restrict I/O queues for secure concatenation\n");
+	}
+
 	ret = nvme_tcp_start_io_queues(ctrl, 1, nr_queues);
 	if (ret)
 		goto out_cleanup_connect_q;
-- 
2.35.3